Port details |
- chrony System clock synchronization client and server
- 4.6.1_1 net =6 4.6.1Version of this port present on the latest quarterly branch.
- Maintainer: mandree@FreeBSD.org
- Port Added: 2014-04-08 17:07:07
- Last Update: 2024-12-08 15:19:40
- Commit Hash: f7c8a62
- People watching this port, also watch:: net-snmp, node_exporter, libxml2, openvpn, haproxy
- License: GPLv2
- WWW:
- https://chrony-project.org/
- Description:
- chrony is a pair of programs which are used to maintain the accuracy of the
system clock on a computer; the two programs are called chronyd and chronyc.
chronyd is a daemon which runs in background on the system. It obtains
measurements via the network of the system clock's offset relative to time
servers on other systems and adjusts the system time accordingly. For
isolated systems, the user can periodically enter the correct time by hand
(using chronyc). In either case, chronyd determines the rate at which the
computer gains or loses time, and compensates for this. chronyd implements
the NTP protocol and can act as either a client or a server.
chronyc provides a user interface to chronyd for monitoring its performance
and configuring various settings. It can do so while running on the same
computer as the chronyd instance it is controlling or a different computer.
- ¦ ¦ ¦ ¦
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via:
make generate-plist - Dependency lines:
-
- Conflicts:
- CONFLICTS_INSTALL:
- To install the port:
- cd /usr/ports/net/chrony/ && make install clean
- To add the package, run one of these commands:
- pkg install net/chrony
- pkg install chrony
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: chrony
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1728827221
SHA256 (chrony-4.6.1.tar.gz) = 571ff73fbf0ae3097f0604eca2e00b1d8bb2e91affe1a3494785ff21d6199c5c
SIZE (chrony-4.6.1.tar.gz) = 636076
Packages (timestamps in pop-ups are UTC):
- Slave ports:
-
- net/chrony-lite
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- gmake>=4.4.1 : devel/gmake
- pkgconf>=1.3.0_1 : devel/pkgconf
- Library dependencies:
-
- libnettle.so : security/nettle
- libgnutls.so : security/gnutls
- libedit.so.0 : devel/libedit
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for chrony-4.6.1_1:
DOCS=on: Build and/or install documentation
EXAMPLES=on: Build and/or install examples
HTMLDOCS=off: Build HTML docs (IMPLIES DOCS, needs ruby, asciidoctor)
NTS=on: Support Network Time Security (NTS, uses GnuTLS & Nettle)
USER=on: Run as user/group chronyd (unset: user/group ntpd)
====> Support for secure hash functions
NETTLE=on: Nettle crypto library support for secure hash and NTS
NSS=off: NSS-based support for more hashing algorithms
===> Use 'make config' to modify these settings
- Options name:
- net_chrony
- USES:
- cpe gmake libedit pkgconfig
- FreshPorts was unable to extract/find any pkg message
- Master Sites:
|
Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
4.6.1_1 08 Dec 2024 15:19:40 |
Matthias Andree (mandree) |
net/chrony: dns/dnsmasq: change rcfile ordering
Make sure that these services start in proper order, and sooner
such that chrony can synchronize time before other services need it.
Note that there is a circular dependency or bootstrapping problem
here in that the system time needs to be halfway correct if you
require your time servers to be looked up through DNS with DNSSEC
enabled because crypto usually needs correct clocks for expiration
checks on signatures to work so the name service needs a correct time,
and looking up the time server needs a working name service.
So be sure you can bootstrap with a skewed time.
Reported by: Lexi Winter
PR: 282566
I am not MFHing this, it's too intrusive. |
4.6.1 13 Oct 2024 15:22:40 |
Matthias Andree (mandree) |
net/chrony: update to 4.6.1
ChangeLog: https://chrony-project.org/news.html#_8_oct_2024_chrony_4_6_1_released
MFH: 2024Q4 |
4.6 02 Sep 2024 21:27:08 |
Matthias Andree (mandree) |
net/chrony: update to 4.6
ChangeLog: https://chrony-project.org/news.html#_2_sep_2024_chrony_4_6_released |
4.5_1 22 Jan 2024 16:52:31 |
Muhammad Moinur Rahman (bofh) |
net/chrony: Sanitize MANPREFIX
Approved by: portmgr (blanket) |
4.5 05 Dec 2023 17:45:52 |
Matthias Andree (mandree) |
net/chrony: update to 4.5
Changelog: https://chrony-project.org/news.html#_5_dec_2023_chrony_4_5_released |
4.4 11 Aug 2023 19:18:23 |
Matthias Andree (mandree) |
net/chrony: update to 4.4
ChangeLog: https://chrony-project.org/news.html#_9_aug_2023_chrony_4_4_released |
07 Sep 2022 21:58:51 |
Stefan Eßer (se) |
Remove WWW entries moved into port Makefiles
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner) |
4.3 07 Sep 2022 21:10:59 |
Stefan Eßer (se) |
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above ) |
4.3 31 Aug 2022 20:42:39 |
Matthias Andree (mandree) |
net/chrony: update to 4.3
ChangeLog:
https://chrony.tuxfamily.org/news.html#_31_aug_2022_chrony_4_3_released |
4.2 20 Jul 2022 14:22:37 |
Tobias C. Berner (tcberner) |
net: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Aaron Straup Cope <ascope@cpan.org>
* Aaron Zauner <az_mail@gmx.at>
* Adam Jette <jettea46@yahoo.com>
* Adam Weinberger <adamw@FreeBSD.org>
* Alan Eldridge <alane@geeksrus.net>
* Alex Bakhtin <Alex.Bakhtin@gmail.com>
* Alex Deiter <Alex.Deiter@Gmail.COM>
* Alex Dupre <ale@FreeBSD.org>
* Alex Dupre <sysadmin@alexdupre.com> (Only the first 15 lines of the commit message are shown above ) |
4.2 27 Dec 2021 15:59:10 |
Matthias Andree (mandree) Author: Oleg Sidorkin |
net/chrony: update to 4.2
committed v2 with one typo fix
PR: 260731
Signed-off-by: Matthias Andree <mandree@FreeBSD.org> |
4.1 15 May 2021 07:21:10 |
Matthias Andree (mandree) |
net/chrony: update to 4.1
ChangeLog:
https://chrony.tuxfamily.org/news.html#_13_may_2021_chrony_4_1_released |
4.0_1 07 Apr 2021 18:59:33 |
Matthias Andree (mandree) |
net/chrony: enable MS-SNTP authentication (SIGND)
PR: 254859
Reported by: Andrej Ebert |
4.0 06 Apr 2021 14:31:13 |
Mathieu Arnold (mat) |
all: Remove all other $FreeBSD keywords. |
4.0 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
4.0 19 Jan 2021 20:24:46 |
decke |
net/chrony: Preparations for a new slave port
PR: 252584
Submitted by: myself
Approved by: mandree@ |
4.0 07 Oct 2020 17:40:56 |
mandree |
net/chrony: update to 4.0 release
Changelog: https://git.tuxfamily.org/chrony/chrony.git/tree/NEWS?id=4.0#n1
Update options (unfortunately the crypto stuff is a bit contorted
with NSS <-> Nettle incompatibilities and NTS requiring GnuTLS and Nettle). |
3.5.1 22 Aug 2020 11:03:03 |
mandree |
net/chrony: security update to 3.5.1
This upstream update essentially contains one Git commit:
https://git.tuxfamily.org/chrony/chrony.git/commit/?h=3.5-stable&id=f00fed20092b6a42283f29c6ee1f58244d74b545
It is to fix a symlink vulnerability when writing the pidfile.
Changelog:
https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html
MFH: 2020Q2 (blanket: upstream has one specific git commit between 3.5 and
3.5.1)
Security: CVE-2020-14367
Security: 719f06af-e45e-11ea-95a1-c3b8167b8026 |
3.5_3 16 May 2020 10:51:33 |
sunpoet |
Bump PORTREVISION for security/nettle shlib change |
3.5_2 08 May 2020 01:35:58 |
mandree |
net/chrony: option to use system ntpd user/group
USER_DESC was reworded to make purpose clearer.
While here, shuffle things a bit to appease portclippy.
PR: 246293
Submitted by: olivier@ |
3.5_2 06 Apr 2020 16:27:48 |
mandree |
net/chrony: fix regression, remove pidfile= from rc.d script
chrony handles its own pidfile, and still our status method works,
so avoid missing chrony's own lock management.
PR: 245399
Reported by: Peter Putzer |
3.5_1 05 Apr 2020 21:27:56 |
mandree |
net/chrony: take maintainership, repeated timeouts from yonas@fizk.net |
3.5_1 05 Apr 2020 21:20:11 |
mandree |
net/chrony: make NETTLE build robust, improve rc script, re-enable NSS
Changes by Colin T.:
* Always require pkgconfig instead of only requiring it for NSS,
because otherwise chrony does not link reliably to nettle. [1]
* Add pidfile to rc.d script to stop it from complaining when
stopping chronyd. [1]
* Document chronyd_* options in rc.d script. [1]
Changes by Matthias Andree:
* Move USES line up to please portlint.
* Add HTMLDOCS option, to build and install HTML docs. IMPLIES DOCS.
Needs textproc/asciidoctor (rubygem) as build requisite.
* Turn CRYPTLIB into a _RADIO to choose at most one from NSS + NETTLE.
* Under WITH_DEBUG, add --enable-debug to CONFIGURE_ARGS.
* Remove @ (silent) from Makefile commands.
* Remove NSS_BROKEN, chrony 3.5 appears to work with NSS. Updates [3].
PR: 244534 [1]
PR: 242510 [2]
PR: 223840 [3]
Submitted by: Colin T. <bugzilla@nulldir.e4ward.com> [1]
Reported by: Matt Smith <freebsd@xtaz.uk> [2]
Approved by: maintainer timeout (yonas@fizk.net, 36 days) |
3.5 09 Oct 2019 12:17:15 |
bapt |
Drop the ipv6 virtual category for n* category as it is not relevant anymore |
3.5 02 Sep 2019 22:35:05 |
swills |
net/chrony: Update to 3.5
PR: 239596
Submitted by: Colin T. <bugzilla@nulldir.e4ward.com>
Approved by: maintainer timeout (yonas@fizk.net, >1 month) |
3.4_2 09 Jul 2019 17:13:07 |
sunpoet |
Update security/nettle to 3.5.1
- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]
Changes: https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR: 238991
Exp-run by: antoine
Thanks to: tobik [1] |
3.4_1 27 Dec 2018 20:41:54 |
decke |
net/chrony: Fix chrony running as server and using bindaddress
On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
address on a socket that is bound to the address. This prevents a server
configured with the bindaddress directive from responding to clients.
Add a new variable to check whether the server IPv4 socket is not bound
before setting the source address.
PR: 233644
Submitted by: Colin T <bugzilla@nulldir.e4ward.com>
Reported by: ddrinnon@cdor.net
Approved by: maintainer timeout (> 3 weeks)
Obtained
from: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901 |
3.4 23 Nov 2018 20:46:27 |
swills |
net/chrony: Update to 3.4
PR: 232823
Submitted by: Colin T. <bugzilla@nulldir.e4ward.com>
Approved by: maintainer timeout (yonas@fizk.net, >3 weeks) |
3.3 30 Aug 2018 04:05:08 |
danfe |
Remove redundant DOCS, NLS, EXAMPLES, and IPV6 from OPTIONS_DEFAULT as they
are put there by the framework (see line 200 of Mk/bsd.options.mk), except
for `finance/quantlib' which makes very unorthodoxal usage of port options. |
3.3 09 May 2018 03:01:58 |
tobik |
net/chrony: Update to 3.3
- Add explicit DOCS, EXAMPLES options
- Replace %%PREFIX%% in sample files
- Make sure chronyc is really linked with libedit from ports
- Add support for security/nettle and use it by default since chrony crashes
on startup when built with NSS. [1]
PR: 227779, 223840 [1]
Submitted by: takefu@airport.fm
Approved by: maintainer |
3.1_3 20 Nov 2017 13:49:59 |
rodrigo |
Add missing lib dependency in the original patch
Bump PORTREVISION
PR: 217691
Submitted by: John Hein <z7dr6ut7gs@snkmail.com>
Approved by: Yonas Yanfa <yonas@fizk.net> |
3.1_2 18 Nov 2017 22:41:34 |
rodrigo |
Makes the NSS dependency explicit, and perform cleanup
Bump PORTREVISION
Before this patch if nss is installed when crony is built, there's a silent lib
dependency on nss, and if nss is subsequently uninstalled chrony breaks.
NSS is now turned on by default adding support for a number of more modern
hashing algorithms than md5.
Cleanup:
- --infodir is not a valid configure option (since 2.3 I think)
- USES=localbase instead of LDFLAGS
- add explicit --without-tomcrypt [1]
- add support for passing chronyd_flags to chronyd in rc.d script
- fix some hard-coded /usr/local in examples
PR: 217691
Submitted by: John Hein <z7dr6ut7gs@snkmail.com>
Approved by: Yonas Yanfa <yonas@fizk.net> (maintainer) |
3.1_1 16 Nov 2017 19:11:42 |
feld |
net/chrony: Remove dubious security warnings in pkg-message
PR: 223647
MFH: 2017Q4 |
3.1 06 Mar 2017 06:53:39 |
wen |
- Update to 3.1
PR: 217573
Submitted by: yonas@fizk.net(maintainer) |
3.0 13 Feb 2017 18:05:34 |
krion |
Update net/chrony: enable privilege separation and other minor changes.
- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group
PR: 216737
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D9570 |
3.0 31 Jan 2017 03:40:46 |
linimon |
Mark various ports broken on aarch64 and armv6.
Approved by: portmgr (tier-2 blanket) |
3.0 17 Jan 2017 17:37:21 |
amdmi3 |
- Update to 3.0
- While here, add LICENSE_FILE and remove unneeded @dir
PR: 216184
Submitted by: yonas@fizk.net (maintainer) |
2.4.1 02 Dec 2016 11:58:22 |
mat |
Do not use post-stage. Use post-install instead.
The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.
PR: 214780
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight |
2.4.1 29 Nov 2016 23:53:36 |
junovitch |
net/chrony: update 2.4 -> 2.4.1
PR: 214749
Submitted by: Yonas Yanfa <yonas@fizk.net> (maintainer) |
2.4 12 Jun 2016 10:41:45 |
pi |
net/chrony: 2.3 -> 2.4
Changes:
http://chrony.tuxfamily.org/news.html
PR: 210190
Submitted by: Yonas Yanfa <yonas@fizk.net> (maintainer) |
2.3 06 Jun 2016 16:50:14 |
danfe |
- Remove ONLY_FOR_ARCHS restriction as chronyd(8) runs fine on PowerPC now
- Remove no-op OPTIONS_DEFAULT=IPV6, which was bogusly re-added in r416385
by pi@ after it was previously removed by amdmi3@ in r416447
- Sanitize `post-stage' target recipe (still needs more work to decouple
extra docs and examples properly and add them to OPTIONS_DEFINE)
Tested on: Mac mini G4 (powerpc) |
2.3 05 Jun 2016 03:35:27 |
pi |
net/chrony: 2.2 -> 2.3
- submitter becomes maintainer after repeated maintainer timeouts
Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
- Resolve names in separate process when seccomp filter is enabled
- Replace old records in client log when memory limit is reached
- Don't reveal local time and synchronisation state in client packets (Only the first 15 lines of the commit message are shown above ) |
2.2 23 May 2016 20:35:01 |
amdmi3 |
Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed
Approved by: portmgr blanket |
2.2 27 Dec 2015 12:53:33 |
riggs |
Update to upstream version 2.2; general cleanup
Detailed log by submitter:
- Update net/chrony to latest upstream version - 2.2
- install info
- point to /var/db instead of /var/lib (per hier(7))
- use doc/install-docs target; install more docs (PORTDOCS)
- use @sample to a sample .conf file (not for .keys which will require
manual intervention); others in examples dir (use PORTEXAMPLES)
- rm old post-install target
- fix example files for freebsd/prefix paths & ntp server names, add
info regarding how to do log rotation if logging turned on.
PR: 204817
Submitted by: z7dr6ut7gs@snkmail.com
Approved by: maintainer timeout |
1.31.1 23 Nov 2015 20:04:20 |
pi |
net/chrony: prefix fix, remove setuid-root mode
PR: 204018
Submitted by: John Hein <z7dr6ut7gs@snkmail.com>
Reviewed by: koobs
Approved by: masaki@club.kyutech.ac.jp (maintainer timeout) |
1.31.1 23 May 2015 18:59:12 |
pi |
net/chrony: 1.31 -> 1.31.1
- Update to 1.31.1 to resolve CVE-2015-1799, CVE-2015-1821, and CVE-2015-1822
- Regenerate patches with `make makepatch` to quiet portlint
- Strip binaries
PR: 199508
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: masaki@club.kyutech.ac.jp (maintainer timeout) |
1.31 22 Apr 2015 11:43:13 |
robak |
net/chrony: add CPE info
PR: 199513
Submitted by: jbeich
Approved by: portmgr blanket |
1.31 01 Nov 2014 16:17:49 |
madpilot |
- Update to 1.31 [1]
While here:
- Add makeinfo and readline uses
- Fix plist orphans
PR: 194079 [1]
Submitted by: Kevin Thompson <antiduh at csh.rit.edu>
Approved by: maintainer timeout |
1.29.1 09 Apr 2014 09:01:41 |
danfe |
Some minor, non-functional wording and grammar nits. |
1.29.1 08 Apr 2014 17:06:59 |
danfe |
Add a port of system clock synchronization client and server (chrony).
WWW: http://chrony.tuxfamily.org/
PR: ports/174263 |